Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check for publicly_Queryable, not public #27

Open
JustinSainton opened this issue Nov 11, 2019 · 0 comments
Open

Check for publicly_Queryable, not public #27

JustinSainton opened this issue Nov 11, 2019 · 0 comments

Comments

@JustinSainton
Copy link
Member

Hi.

The version 2.3.1 security update appears to require custom post types to have public=true in order to be favorited. While I understand the rationale behind this, there are certain narrow circumstances in which it's appropriate for a custom post type to have public=false, but publicly_queryable=true; this is the scenario I'm running into with one of my projects.

Would there by any negative security implications to modifying the plugin to require publicly_queryable=true rather than public=true for posts to be favoritable? (I believe this is enforced in PostTypeRepository.php)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant